I’m pleased to announce that the latest episode of The Polyglot Developer Podcast titled, Mobile Application Security, has been published to iTunes, Pocket Casts, and every other major podcasting network that consumes the feed!
In this episode, which is the 24th episode of the show, I’m joined by first-time guest Rob Lauer and returning guest TJ VanToll. Both of these guests work for Progress, which is the company behind NativeScript, and you’ll remember that episode 5 was strictly around getting to know what NativeScript has to offer. The focus of this episode isn’t around NativeScript, but around the security of your mobile applications. Just like with web applications, security is important with mobile, even if it isn’t talked about as much.
In this episode you’ll learn about protecting your application source code from reverse engineering, protecting your users’ data at rest, and securely transferring your data between remote web services.
When creating a web application that handles user information it is a good idea to protect anything considered sensitive rather than storing it as plaintext within a database. The goal is to make it as difficult as possible for a malicious person to obtain access to this sensitive information. Rather than encrypting sensitive information with the knowledge that it can one day become decrypted, it is better to hash this sensitive data instead because hashing is a one-way process.
As you’ve probably noticed from the previous few articles, I’ve been doing a lot of development around cryptocurrency wallets using Node.js. Up until now, I’ve only been writing about interacting with different currencies. However, I haven’t discussed how to safely store your wallet information.
When it comes to storing anything sensitive, whether it be cryptocurrency secrets or something else, you must do so safely and securely. For example, the data must be encrypted at rest and decrypted when used.
We’re going to see how to encrypt data with a passphrase using Node.js and decrypt it using that same passphrase when necessary.
I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available to download from all the popular podcasting networks. In this episode titled, Authorizing Access with OAuth, I’m joined by Ryan Chenkie from Auth0 to talk about OAuth and how it can be used to authorize access to your data by third-party applications.
When it comes to API development, there is often a need to protect certain endpoints or rate-limit the API in general. Because you are working with endpoints from clients possibly on a different domain, you can’t authenticate users with sessions and cookies. It would also be a bad idea to pass around a username and password with each request. Typically endpoints are protected with tokens that are passed with each request and these tokens are often JSON Web Tokens (JWT) that work very well.
We’re going to see how to create a very simple API using Node.js with protected endpoints that require a valid JWT in order for requests to succeed.
I am pleased to announce that Solar Flare for Cloudflare, my first mobile development project in a long time, has been published to the iTunes App Store and Google Play!
So what is Solar Flare and who is it designed for? This is a free application for managing data stored in Cloudflare on iOS and Android. If you’re unfamiliar, Cloudflare is an amazing service that acts as a content delivery network (CDN), among other things related to web performance and security.
If you’re like me, you’ve been developing applications with Apache Cordova or Ionic Framework for a while now. Long enough to have received an email from Google Play stating that they are going to remove your application if you don’t update your published application to a more secure version of Apache Cordova.
Apache Cordova announcement:
Security issues were discovered in the Android platform of Cordova. We are releasing version 3.5.1 of Cordova Android to address these security issues. We recommend that all Android applications built using Cordova be upgraded to use version 3.5.1 of Cordova Android. Other Cordova platforms such as iOS are unaffected, and do not have an update.
So how does one go about fixing something like this? A security flaw like this isn’t the first and it probably won’t be the last.